CVE-2020-11286

An Untrusted Pointer Dereference can occur while doing USB control transfers, if multiple requests of different standard request categories like device, interface & endpoint are made together. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CVSS v3.0 6.8 MEDIUM
CVSS v2.0 4.6 MEDIUM

6.8^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:qualcomm:mdm9206:-:::::::*
	cpe:2.3:h:qualcomm:mdm9607:-:::::::*
	cpe:2.3:h:qualcomm:mdm9650:-:::::::*
	cpe:2.3:h:qualcomm:msm8909w:-:::::::*
	cpe:2.3:h:qualcomm:mdm9655:-:::::::*
	cpe:2.3:h:qualcomm:mdm9640:-:::::::*
	cpe:2.3:h:qualcomm:sdx20:-:::::::*
	cpe:2.3:h:qualcomm:sdm630:-:::::::*
	cpe:2.3:h:qualcomm:qca6174a:-:::::::*
	cpe:2.3:h:qualcomm:qca6574au:-:::::::*
	cpe:2.3:h:qualcomm:qca6584:-:::::::*
	cpe:2.3:h:qualcomm:qca6584au:-:::::::*
	cpe:2.3:h:qualcomm:qca9377:-:::::::*
	cpe:2.3:h:qualcomm:msm8937:-:::::::*
	cpe:2.3:h:qualcomm:apq8096au:-:::::::*
	cpe:2.3:h:qualcomm:msm8996au:-:::::::*
	cpe:2.3:h:qualcomm:qca6574:-:::::::*
	cpe:2.3:h:qualcomm:sd210:-:::::::*
	cpe:2.3:h:qualcomm:sd205:-:::::::*
	cpe:2.3:h:qualcomm:sd835:-:::::::*
	cpe:2.3:h:qualcomm:sd820:-:::::::*
	cpe:2.3:h:qualcomm:sd_636:-:::::::*
	cpe:2.3:h:qualcomm:apq8017:-:::::::*
	cpe:2.3:h:qualcomm:apq8053:-:::::::*
	cpe:2.3:h:qualcomm:apq8009:-:::::::*
	cpe:2.3:h:qualcomm:qca6174:-:::::::*
	cpe:2.3:h:qualcomm:apq8076:-:::::::*
	cpe:2.3:h:qualcomm:mdm9250:-:::::::*
	cpe:2.3:h:qualcomm:mdm9628:-:::::::*
	cpe:2.3:h:qualcomm:sd821:-:::::::*
	cpe:2.3:h:qualcomm:sd660:-:::::::*
	cpe:2.3:h:qualcomm:apq8009w:-:::::::*
	cpe:2.3:h:qualcomm:apq8064au:-:::::::*
	cpe:2.3:h:qualcomm:sdw2500:-:::::::*
	cpe:2.3:h:qualcomm:sdx20m:-:::::::*
	cpe:2.3:h:qualcomm:wcd9330:-:::::::*
	cpe:2.3:h:qualcomm:ar8151:-:::::::*
	cpe:2.3:h:qualcomm:csr6030:-:::::::*
	cpe:2.3:h:qualcomm:mdm9626:-:::::::*
	cpe:2.3:h:qualcomm:pm660:-:::::::*
	cpe:2.3:h:qualcomm:pm660a:-:::::::*
	cpe:2.3:h:qualcomm:pm660l:-:::::::*
	cpe:2.3:h:qualcomm:pm8004:-:::::::*
	cpe:2.3:h:qualcomm:pm8005:-:::::::*
	cpe:2.3:h:qualcomm:pm8909:-:::::::*
	cpe:2.3:h:qualcomm:pm8916:-:::::::*
	cpe:2.3:h:qualcomm:pm8937:-:::::::*
	cpe:2.3:h:qualcomm:pm8952:-:::::::*
	cpe:2.3:h:qualcomm:pm8953:-:::::::*
	cpe:2.3:h:qualcomm:pm8956:-:::::::*
	cpe:2.3:h:qualcomm:pm8996:-:::::::*
	cpe:2.3:h:qualcomm:pm8998:-:::::::*
	cpe:2.3:h:qualcomm:pmd9607:-:::::::*
	cpe:2.3:h:qualcomm:pmd9645:-:::::::*
	cpe:2.3:h:qualcomm:pmd9655:-:::::::*
	cpe:2.3:h:qualcomm:pmi8952:-:::::::*
	cpe:2.3:h:qualcomm:pmi8994:-:::::::*
	cpe:2.3:h:qualcomm:pmi8996:-:::::::*
	cpe:2.3:h:qualcomm:pmi8998:-:::::::*
	cpe:2.3:h:qualcomm:pmk8001:-:::::::*
	cpe:2.3:h:qualcomm:pmm8996au:-:::::::*
	cpe:2.3:h:qualcomm:pmx20:-:::::::*
	cpe:2.3:h:qualcomm:qat3514:-:::::::*
	cpe:2.3:h:qualcomm:qat3522:-:::::::*
cpe:2.3:h:qualcomm:qat3550:-:::::::*
cpe:2.3:h:qualcomm:qbt1000:-:::::::*
cpe:2.3:h:qualcomm:qbt1500:-:::::::*
cpe:2.3:h:qualcomm:qca6310:-:::::::*
cpe:2.3:h:qualcomm:qca6320:-:::::::*
cpe:2.3:h:qualcomm:qca6564a:-:::::::*
cpe:2.3:h:qualcomm:qca6564au:-:::::::*
cpe:2.3:h:qualcomm:qca6574a:-:::::::*
cpe:2.3:h:qualcomm:qca9367:-:::::::*
cpe:2.3:h:qualcomm:qet4100:-:::::::*
cpe:2.3:h:qualcomm:qet4101:-:::::::*
cpe:2.3:h:qualcomm:qet4200aq:-:::::::*
cpe:2.3:h:qualcomm:qfe1040:-:::::::*
cpe:2.3:h:qualcomm:qfe2340:-:::::::*
cpe:2.3:h:qualcomm:qfe2550:-:::::::*
cpe:2.3:h:qualcomm:qfe3100:-:::::::*
cpe:2.3:h:qualcomm:qfe3320:-:::::::*
cpe:2.3:h:qualcomm:qln1021aq:-:::::::*
cpe:2.3:h:qualcomm:qln1030:-:::::::*
cpe:2.3:h:qualcomm:qln1031:-:::::::*
cpe:2.3:h:qualcomm:qln1036aq:-:::::::*
cpe:2.3:h:qualcomm:qpa4340:-:::::::*
cpe:2.3:h:qualcomm:qpa4360:-:::::::*
cpe:2.3:h:qualcomm:qpa5460:-:::::::*
cpe:2.3:h:qualcomm:qsw8573:-:::::::*
cpe:2.3:h:qualcomm:qtc800h:-:::::::*
cpe:2.3:h:qualcomm:qtc800s:-:::::::*
cpe:2.3:h:qualcomm:qtc800t:-:::::::*
cpe:2.3:h:qualcomm:rgr7640au:-:::::::*
cpe:2.3:h:qualcomm:rsw8577:-:::::::*
cpe:2.3:h:qualcomm:sdr660:-:::::::*
cpe:2.3:h:qualcomm:smb1350:-:::::::*
cpe:2.3:h:qualcomm:smb1351:-:::::::*
cpe:2.3:h:qualcomm:smb1357:-:::::::*
cpe:2.3:h:qualcomm:smb1358:-:::::::*
cpe:2.3:h:qualcomm:smb1360:-:::::::*
cpe:2.3:h:qualcomm:smb1380:-:::::::*
cpe:2.3:h:qualcomm:smb231:-:::::::*
cpe:2.3:h:qualcomm:smb358s:-:::::::*
cpe:2.3:h:qualcomm:wcd9326:-:::::::*
cpe:2.3:h:qualcomm:wcd9335:-:::::::*
cpe:2.3:h:qualcomm:wcd9340:-:::::::*
cpe:2.3:h:qualcomm:wcd9341:-:::::::*
cpe:2.3:h:qualcomm:wcn3610:-:::::::*
cpe:2.3:h:qualcomm:wcn3615:-:::::::*
cpe:2.3:h:qualcomm:wcn3660b:-:::::::*
cpe:2.3:h:qualcomm:wcn3680b:-:::::::*
cpe:2.3:h:qualcomm:wcn3980:-:::::::*
cpe:2.3:h:qualcomm:wcn3990:-:::::::*
cpe:2.3:h:qualcomm:wgr7640:-:::::::*
cpe:2.3:h:qualcomm:wsa8810:-:::::::*
cpe:2.3:h:qualcomm:wsa8815:-:::::::*
cpe:2.3:h:qualcomm:wtr2955:-:::::::*
cpe:2.3:h:qualcomm:wtr2965:-:::::::*
cpe:2.3:h:qualcomm:wtr3905:-:::::::*
cpe:2.3:h:qualcomm:wtr3925:-:::::::*
cpe:2.3:h:qualcomm:wtr3950:-:::::::*
cpe:2.3:h:qualcomm:wtr4905:-:::::::*
cpe:2.3:h:qualcomm:wtr5975:-:::::::*
cpe:2.3:h:qualcomm:mdm9230:-:::::::*
cpe:2.3:h:qualcomm:mdm9330:-:::::::*
cpe:2.3:h:qualcomm:mdm9630:-:::::::*
cpe:2.3:h:qualcomm:pmd9635:-:::::::*
cpe:2.3:h:qualcomm:pmi8937:-:::::::*
cpe:2.3:h:qualcomm:qfe1045:-:::::::*
cpe:2.3:h:qualcomm:qfe3335:-:::::::*
cpe:2.3:h:qualcomm:qfe3345:-:::::::*
cpe:2.3:h:qualcomm:sdw3100:-:::::::*
cpe:2.3:h:qualcomm:wcd9306:-:::::::*
cpe:2.3:h:qualcomm:wcn3620:-:::::::*
cpe:2.3:h:qualcomm:qfe1035:-:::::::*

History

No history.

Information

Published : 2021-02-22 07:15

Updated : 2021-07-21 11:39

NVD link : CVE-2020-11286

Mitre link : CVE-2020-11286

JSON object : View

Products Affected

qualcomm

pm8998
sdx20
qbt1000
sdw2500
qca9367
qln1036aq
pmi8994
mdm9655
wcd9306
smb1358
qtc800t
qca6584au
qtc800h
mdm9626
wcd9330
mdm9330
wsa8815
rsw8577
wtr3925
msm8937
wcn3990
qca6564a
smb1351
wcn3680b
pmd9645
qfe2340
qfe1040
qca6174a
sdr660
qfe2550
wcn3615
sd835
qln1021aq
apq8064au
pmi8952
qpa5460
smb1380
qln1031
qln1030
smb1350
qca6310
apq8009w
qet4200aq
qfe1045
qsw8573
sdx20m
pm8909
qpa4360
wtr4905
mdm9630
sd821
qet4101
smb1357
pm8952
pmd9635
qca6584
mdm9250
pm660
pmd9655
wtr2965
pmi8996
qet4100
mdm9607
pmm8996au
qbt1500
sd_636
qca6174
qca6574au
qca9377
smb358s
pm8937
pm8004
pmi8937
qtc800s
sd820
pmx20
qfe3320
sdm630
apq8096au
apq8053
wcn3660b
qfe3345
qca6574a
qat3522
pm8005
rgr7640au
wcn3610
pm8916
pm8996
wtr3905
pm8956
wtr5975
wcn3980
mdm9628
csr6030
qca6574
wtr3950
msm8909w
wcd9335
mdm9650
wsa8810
sd205
wgr7640
pm660l
mdm9640
mdm9206
sd660
wcn3620
pmd9607
qat3550
sdw3100
apq8009
smb1360
qfe3100
apq8076
qat3514
qca6564au
smb231
wcd9326
wcd9340
pm660a
qpa4340
ar8151
pmk8001
msm8996au
qfe1035
qfe3335
mdm9230
pmi8998
qca6320
pm8953
apq8017
wcd9341
sd210
wtr2955

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

6.8 /10